Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

· Pacific Gas & Electric Co. officials reported that at least 65,000 homes and businesses lost power across the San Francisco Bay Area for over 3 hours June 8-9 in heat-related outages. – San Francisco Chronicle

1. June 9, San Francisco Chronicle – (California) Power outages hit 65,000 in Bay Area, slow BART. Pacific Gas & Electric Co. officials reported that at least 65,000 homes and businesses lost power across the San Francisco Bay Area for over 3 hours June 8 – 9 in heat-related outages, including an East Bay blackout reportedly caused by a squirrel in an El Cerrito substation that knocked power out to 45,000 customers and the Downtown Berkeley Bay Area Rapid Transit (BART) station. The heat also affected BART service on the Daly City line. Source: http://www.sfgate.com/bayarea/article/Power-outages-hit-thousands-in-San-Jose-East-Bay-6314969.php

· The U.S. Department of Agriculture reported June 8 that liquid, dried, and frozen egg products will be imported from the Netherlands due to a shortage caused by the spread of the avian flu. – KCCI 8 Des Moines

· Crews are working to install a temporary water line to service 250 Logan County, Colorado residents that have been without running water due to a main break during the week of June 1. – KUSA 9 Denver (See item 13)

13. June 8, KUSA 9 Denver – (Colorado) Colo. town without water for more than a week. Crews are working to install a temporary line to get water running for 250 residents of Logan County that have had no access to running water service since a water main break occurred the week of June 1. The temporary line is expected to be finished by the week of June 15 and a permanent solution will take several months, leaving residents to rely on drinking water from Red Cross and nearby towns. Source: http://www.9news.com/story/news/local/2015/06/08/ne-colorado-town-of-iliff-without-water-for-more-than-a-week/28706837/

· The White House Office of Management and Budget issued the HTTPS-Only Standard directive June 8, requiring all public Federal Web sites to switch to HTTPS connections by December 31, 2016. – White House Office of Management and Budget (See item 27 below in the Information Technology Sector)

Financial Services Sector

4. June 9, Bay Area News Group – (National) RPM Mortgage fined $20 million over loan scheme. The U.S. Consumer Financial Protection Bureau issued $20 million in fines June 8 to RPM Mortgage and the company’s CEO following allegations that he paid employees bonuses to place clients in loans with higher interest rates from 2011 – 2013. RPM Mortgage agreed to settle the allegations without admitting wrongdoing. Source: http://www.santacruzsentinel.com/business/20150608/rpm-mortgage-fined-20-million-over-loan-scheme

For another story, see item 26 below in the Information Technology Sector

Information Technology Sector

23. June 9, BBC – (International) Cyber-thieves cash in from malware. Security researchers at Trustwave reported that cyber-thieves can earn almost 1,500 percent potential profit from ransomware kits by spending approximately $5,900 on kits that could earn about $90,000 a month in an attack campaign via a compromised Web site. Source: http://www.bbc.com/news/technology-33048949

26. June 8, SC Magazine – (International) Vawtrak banking malware found to use Tor2Web. Security researchers from Fortinet reported that the Vawtrak banking malware, also known as Neverquest, is using Tor2Web as a method to steal banking credentials undetected by accessing Tor anonymous network sources without directly connecting to the network or using a Tor client. The malware typically used fixed command-and-control (C&C) servers, which are easier to trace. Source: http://www.scmagazine.com/fortinet-posts-new-vawtrak-blog-post/article/419355/

27. June 8, White House Office of Management and Budget – (International) HTTPS-everywhere for government. The White House Office of Management and Budget issued the HTTPS-Only Standard directive June 8, requiring that all publicly accessible Federal Web sites and Web services only provide service through Hyper Text Transfer Protocol Secure (HTTPS) connections by December 31, 2016. The U.S. Chief Information Officer set up a Web site to provide technical assistance and best practices for migration as well as a public dashboard to monitor progress. Source: https://www.whitehouse.gov/blog/2015/06/08/https-everywhere-government

For additional stories, see item 2 below from the Energy Sector, item 15 from the Healthcare and Public Health Sector and item 18 below from the Government Facilities Sector

2. June 8, Securityweek – (International) XZERES fixes CSRF vulnerability in small wind turbine. XZERES Wind released a patch to address a cross-site request forgery (CSRF) vulnerability in its 442SR wind turbine web-based interface in which a remote attacker could hijack user sessions and cause a loss of power for all attached systems. Source: http://www.securityweek.com/xzeres-fixes-csrf-vulnerability-small-wind-turbine

15. June 8, Threatpost – (National) Many drug pumps open to variety of security flaws. A security researcher revealed severe vulnerabilities in several drug-infusion pumps manufactured by Hospira, including the Plum A+, PCA LifeCare, and Symbiq pumps, which run the same software as the known-susceptible PCA3 and PCA5 pumps. An unauthenticated remote root shell and hard-coded local credentials are among the vulnerabilities which leave the devices open to security risks. Source: https://threatpost.com/many-drug-pumps-open-to-variety-of-security-flaws/113202

18. June 8, Securityweek – (National) US Army website hacked: officials. The U.S. Army’s official Web site was shut down June 8 after hackers claiming to be affiliated with the “Syrian Electronic Army” posted messages denouncing U.S. training of rebel fighters in Syria. No classified or personal data was housed on the Web site, and officials reported that no data was stolen. Source: http://www.securityweek.com/us-army-website-hacked-officials

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"